Oliver Falk
2004-Oct-11 10:43 UTC
PermitRoot without-password doesn't work if AllowUsers user1 user2 set, but root not included; Also some bug in auth.c (Me thinks)
Hi list!

I have some machines running openssh 3.9p1. AllowUsers is set to my users, that are allowed to login. If I set PermitRoot without-password, but do not include root in AllowUsers, root is not able to login with pubkey. I do not want to set root in AllowUsers, since the without-password option should check this already, I think... So I made a small patch that allows me to login as root without-password, without adding root to the AllowUsers list.

I also think, that auth.c has a bug regarding without-password, because it strcmp's method with 'password', but this should be 'without-password', I believe... For more information, have a look at the second junk of the patch...

Maybe nobody needs this 'feature', but if anyone does... :-)

Best,
Oliver

PS: Please do reply to my address, since I'm not subscribed on this list!
Darren Tucker
2004-Oct-11 11:42 UTC
PermitRoot without-password doesn't work if AllowUsers user1 user2 set, but root not included; Also some bug in auth.c (Me thinks)
Oliver Falk wrote:
> I have some machines running openssh 3.9p1.
> AllowUsers is set to my users, that are allowed to login.
> If I set PermitRoot without-password, but do not include root in AllowUsers,
> root is not able to login with pubkey. I do not want to set root in
> AllowUsers, since the without-password option should check this already, I
> think... So I made a small patch that allows me to login as root
> without-password, without adding root to the AllowUsers list.
>
> I also think, that auth.c has a bug regarding without-password, because it
> strcmp's method with 'password', but this should be 'without-password', I
> believe...

Not unless the IETF SSH working group have changed the name of the authentication method :-)

> For more information, have a look at the second junk of the
> patch...

The patch didn't make it to the list (non-text attachments are stripped out and I suspect yours had the wrong MIME type or something).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
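Added example, not part of either message and not OpenSSH source: a simplified C model of the two independent checks discussed in this thread, showing why root is refused when it is missing from AllowUsers and why the root check compares against the method name "password". All function and enum names are hypothetical, and AllowUsers is reduced to exact-name matching (an assumption; the real option accepts patterns).

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the behaviour described in the thread.
 * Not OpenSSH code; every name here is hypothetical. */
enum permit_root { ROOT_NO, ROOT_WITHOUT_PASSWORD, ROOT_YES };

/* AllowUsers: an empty list allows everyone; a non-empty list
 * allows only the names on it. Exact match only (assumption). */
static int user_listed(const char *user, const char *const *allow, size_t n)
{
    if (n == 0)
        return 1;
    for (size_t i = 0; i < n; i++)
        if (strcmp(user, allow[i]) == 0)
            return 1;
    return 0;
}

/* "without-password" is a configuration value, while "password" is the
 * name of the authentication method, so that is what gets compared. */
static int root_method_ok(enum permit_root mode, const char *method)
{
    switch (mode) {
    case ROOT_YES:
        return 1;
    case ROOT_WITHOUT_PASSWORD:
        return strcmp(method, "password") != 0;
    default:
        return 0;
    }
}

/* Both checks must pass; the root setting never overrides AllowUsers. */
int login_allowed(const char *user, const char *method, enum permit_root mode,
                  const char *const *allow, size_t n)
{
    if (!user_listed(user, allow, n))
        return 0;
    if (strcmp(user, "root") == 0 && !root_method_ok(mode, method))
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample configuration matching the report. */
    const char *const allow[] = { "user1", "user2" };
    printf("root/publickey: %d\n",
           login_allowed("root", "publickey", ROOT_WITHOUT_PASSWORD, allow, 2));
    return 0;
}
```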